From 5ce3f00a1104690feb5b495ec349db6b1d4b241d Mon Sep 17 00:00:00 2001 From: daeks Date: Fri, 5 Apr 2013 16:08:51 +0200 Subject: [PATCH] security checks to prevent unwanted changes --- common.php | 8 ++++++++ components/project/controller.php | 20 ++++++++++++-------- components/project/dialog.php | 6 +++--- components/user/controller.php | 30 +++++++++++++++++++----------- components/user/dialog.php | 2 +- 5 files changed, 43 insertions(+), 23 deletions(-) diff --git a/common.php b/common.php index 2309585..337f448 100755 --- a/common.php +++ b/common.php @@ -153,6 +153,14 @@ // Check Function Availability ////////////////////////////////////////////////////////////////// + function checkAccess() { + return file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php')?false:true; + } + + ////////////////////////////////////////////////////////////////// + // Check Function Availability + ////////////////////////////////////////////////////////////////// + function isAvailable($func) { if (ini_get('safe_mode')) return false; $disabled = ini_get('disable_functions'); diff --git a/components/project/controller.php b/components/project/controller.php index 289e070..28f2462 100755 --- a/components/project/controller.php +++ b/components/project/controller.php @@ -52,13 +52,15 @@ ////////////////////////////////////////////////////////////////// if($_GET['action']=='create'){ - $Project->name = $_GET['project_name']; - // Git Clone? - if(!empty($_GET['git_repo'])){ - $Project->gitrepo = $_GET['git_repo']; - $Project->gitbranch = $_GET['git_branch']; + if(checkAccess()) { + $Project->name = $_GET['project_name']; + // Git Clone? + if(!empty($_GET['git_repo'])){ + $Project->gitrepo = $_GET['git_repo']; + $Project->gitbranch = $_GET['git_branch']; + } + $Project->Create(); } - $Project->Create(); } ////////////////////////////////////////////////////////////////// 
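Review bot: checkAccess() fails open: the only thing it tests is that `BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php'` does not exist, so a request with no `$_SESSION['user']` (or an empty one) looks up `data/_acl.php`, finds nothing, and is treated as unrestricted. Unless every caller already enforces a logged-in session before dispatching (not visible in this diff), the predicate should require a non-empty session user first, e.g. `return isset($_SESSION['user']) && $_SESSION['user'] !== '' && !file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php');`, which also replaces the `?false:true` ternary with a plain negation. The banner above the new function was copied from isAvailable() and still reads `// Check Function Availability`; it should describe the predicate instead, e.g. `// Check Access (true when the session user has no per-user ACL file, i.e. is unrestricted)`.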
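Review bot: When checkAccess() is false the `create` action now silently does nothing and the request completes with no error, so a restricted user (or a client bug) gets no signal that the operation was refused and nothing is left for an operator to audit; the same silent drop appears in the project `delete` hunk and in the user controller's `create`, `delete` and `project_access` hunks. An `else` branch that reports the refusal through the controllers' existing JSON error response, e.g. `} else { echo formatJSEND("error", "You do not have permission to perform this action"); }` if the project's JSEND helper of that name is in scope here, makes the denial visible and consistent across all five places. Note that `$_GET['project_name']`, `git_repo` and `git_branch` still flow into the Project object unvalidated inside the new guard; the guard decides who may call the action, not what they may pass.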
@@ -66,8 +68,10 @@ ////////////////////////////////////////////////////////////////// if($_GET['action']=='delete'){ - $Project->path = $_GET['project_path']; - $Project->Delete(); + if(checkAccess()) { + $Project->path = $_GET['project_path']; + $Project->Delete(); + } } ////////////////////////////////////////////////////////////////// diff --git a/components/project/dialog.php b/components/project/dialog.php index 8399a93..3f6f60f 100755 --- a/components/project/dialog.php +++ b/components/project/dialog.php @@ -75,7 +75,7 @@ Open Project Name Path - Delete + Delete / @@ -111,7 +111,7 @@ ?> - + username = User::CleanUsername( $_POST['username'] ); - $User->password = $_POST['password']; - $User->Create(); + if(checkAccess()) { + $User->username = User::CleanUsername( $_POST['username'] ); + $User->password = $_POST['password']; + $User->Create(); + } } ////////////////////////////////////////////////////////////////// @@ -58,8 +60,10 @@ ////////////////////////////////////////////////////////////////// if($_GET['action']=='delete'){ - $User->username = $_GET['username']; - $User->Delete(); + if(checkAccess()) { + $User->username = $_GET['username']; + $User->Delete(); + } } ////////////////////////////////////////////////////////////////// @@ -67,9 +71,11 @@ ////////////////////////////////////////////////////////////////// if($_GET['action']=='project_access'){ - $User->username = $_GET['username']; - $User->projects = $_POST['projects']; - $User->Project_Access(); + if(checkAccess()) { + $User->username = $_GET['username']; + $User->projects = $_POST['projects']; + $User->Project_Access(); + } } ////////////////////////////////////////////////////////////////// 
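Review bot: In the user controller's `delete` and `project_access` hunks the username is assigned raw (`$User->username = $_GET['username'];`) while the `create` hunk passes it through `User::CleanUsername(...)`, so the newly guarded blocks are inconsistent about normalisation and a name that was cleaned on creation can be looked up uncleaned on deletion or ACL assignment. If CleanUsername() is a pure normaliser (its body is not in this diff), applying it on both paths, `$User->username = User::CleanUsername($_GET['username']);`, keeps the stored and looked-up forms identical. The header of the user controller's `create` hunk is not visible in this chunk, so whether it carries any further username handling cannot be confirmed from here.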
@@ -77,9 +83,11 @@ ////////////////////////////////////////////////////////////////// if($_GET['action']=='password'){ - $User->username = $_POST['username']; - $User->password = $_POST['password']; - $User->Password(); + if(checkAccess() || $_POST['username'] == $_SESSION['user']) { + $User->username = $_POST['username']; + $User->password = $_POST['password']; + $User->Password(); + } } ////////////////////////////////////////////////////////////////// diff --git a/components/user/dialog.php b/components/user/dialog.php index e098835..958ec34 100755 --- a/components/user/dialog.php +++ b/components/user/dialog.php @@ -23,7 +23,7 @@ case 'list': $projects_assigned = false; - if(file_exists(BASE_PATH . "/data/" . $_SESSION['user'] . '_acl.php')){ + if(!checkAccess()){ ?>
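Review bot: The self-service branch `$_POST['username'] == $_SESSION['user']` uses loose comparison and checks neither operand for presence: if `$_SESSION['user']` is unset and `username` is absent from the POST body both sides are null and the test passes, and under PHP's numeric-string rules two different numeric-looking usernames (for example `"10"` and `"1e1"`) compare equal with `==`. A strict, presence-checked test closes both gaps: `if(checkAccess() || (isset($_POST['username'], $_SESSION['user']) && $_POST['username'] === $_SESSION['user'])) {`. Whether the session is guaranteed to be populated by the time this controller runs depends on code outside the hunk.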
You can not edit the user list